Welcome to AWS
RoadShow Dublin
@AWScloud @AWS_UKI
AWS RoadShow Dublin
Ian Massingham - Technical Evangelist
11 June 2014
What will we cover this morning?
09:30 Registration
10:00 An Introduction to AWS
10:45 Skill Pages & AWS
11:00 Break
11:15...
What is AWS?
Ian	
  Massingham	
  -­‐	
  Technical	
  Evangelist	
  
@IanMmmm	
  
background
Deep experience in
building and
operating global web
scale systems
About Amazon
Web Services
?
…get into cloud computing?
...
Consumer
Business
Tens of millions of active
customer accounts
8 countries:
US, UK, Germany, Japan,
France, Canada, China,...
AWS Mission

Enable businesses and
developers to use web
services* to build scalable,
sophisticated applications.


*What ...
Not excess capacity!
Not excess capacity!
Startups on AWS
Find out more at : aws.amazon.com/solutions/case-studies
Powering the Most Popular Internet Businesses
Find out more at : aws.amazon.com/solutions/case-studies
Enterprises on AWS
...
Each day AWS adds the equivalent server
capacity to power Amazon when it was a
global, $7B enterprise
Objects in S3
Trillions of Objects
(000,000,000,000s)
Servicing over 2 million
requests per Second
utility computing
On demand
 Pay as you go
Uniform
 Available
Utility computing
Utility computing
On demand
 Pay as you go
Available
Uniform
Utility computing
Utility computing
Compute	
  
Storage	
  
Security	
   Scaling	
  
Database	
  
Networking	
  
Monitoring	
  
Messaging	
 ...
On	
  a	
  global	
  footprint	
  
Region
US-WEST (N. California)
 EU-WEST (Ireland)
ASIA PAC (Tokyo)
ASIA PAC
(Singapore)...
At the end of a web service
aws ec2 run-instances
--image-id ami-a813fadf
--count 3
--placement AvailabilityZone=eu-west-1...
and a rich Management Console
elasticity
Traditional IT
capacity
Elastic capacity
Capacity
Time
Your IT needs
On	
  and	
  Off	
   Fast	
  Growth	
  
Variable	
  peaks	
   Predictable	
  peaks	
  
Elastic capacity
Elastic capacity
On and Off Fast Growth
Predictable peaksVariable peaks
WASTE
CUSTOMER DISSATISFACTION
Elastic capacity
Fast GrowthOn and Off
Predictable peaksVariable peaks
From one instance…
…to thousands
and back…
exploiting elasticity
Sunday Monday Tuesday Wednesday Thursday Friday Saturday
Typical weekly traffic to Amazon.com
November traffic to Amazon.com
November
November traffic to Amazon.com
Provisioned capacity
November
November traffic to Amazon.com
76%
24%
Provisioned capacity
November
November 10th 2010
Turned off last physical web server of
Amazon.com
November 10th 2010
Turned off last physical web server of
Amazon.com
October 31st 2011
Turned off last web servers support...
November traffic to Amazon.com
November
Building a Top500 HPC Cluster on AWS
the toolbox
Compute Storage
AWS Global Infrastructure
Database
App Services
Deployment & Administration
Networking
Reference Model
sec...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
Compute	
   Storage	
  
AWS	
  Global	
  Infrastructure	
  
Database	
  
App	
  Services	
  
Deployment	
  &	
  Administra...
+ others
WorkSpaces
Cloud Search
Simple Email Service
Simple Workflow Service
Simple Notification Service
ElastiCache (Memca...
security & compliance
Foundation Services
Compute Storage Database Networking
AWS Global Infrastructure
Regions
Availability Zones
Edge Location...
Foundation Services
Compute Storage Database Networking
Client-side Data Encryption & Data
Integrity Authentication
Server...
Certifications
SOC 1 Type 2 (formerly
SAS-70)
ISO 27001
PCI DSS for EC2, S3, EBS,
VPC, RDS, ELB, IAM
FISMA Moderate Compli...
Redefining the Labour Market
Mike McCarthy, CTO
SkillPages
AWS Roadshow Dublin
One Place to Find Skilled People
Find Skilled People!
!
for anything you need done
Get Found!
by people who need your skil...
Challenges
Focus on building the best product for our users
avoid overhead of building out core infrastructure
Scalability...
ElastiCache
Redshift
Data warehouse
Amazon
RDS
DynamoDB
Counters & Flags
EC2
Servers, Hive,
Hadoop
Elastic Beanstalk
Load ...
SkillPages serves over
23,000,000
registered users
Presenting over
400,000 people
with new work opportunities daily
Scaled to support over
665% growth
over 2 last years
Platform processes over
2,500,000,000
network data points daily
Typically handle
150,000,000
messages per month
Built and supported by just
20 Engineers
Benefits Realised
ü Robust Infrastructure
ü Flexibility
ü Cost Effective
ü Expanding Service Offering
ü Excellent sup...
Visit us at
www.skillpages.com
Try a €139 business job posting for free
with coupon AWSDUB611 at checkout
Best practices for getting
started with AWS
Ian Massingham – Technical Evangelist
@IanMmmm
8 things you should know
Where you should start
Things to do up front
Choose your use
case well
1
Choose use case that suits you
Make your first project a S.M.A.R.T one
Choose use case that suits you
Dev & Test
Spin environments up and
down on demand
Decouple development and test
environmen...
Dev & Test
Spin environments up and
down on demand
Decouple development and test
environments from operations
constraints
...
Dev & Test
Spin environments up and
down on demand
Decouple development and test
environments from operations
constraints
...
Dev & Test
Spin environments up and
down on demand
Decouple development and test
environments from operations
constraints
...
PoC Production Automation
Understand services
Test performance
Architect for scale
Build cross functional team capabilitie...
PoC Production Automation
Understand services
Test performance
Architect for scale
Build cross functional team capabilitie...
Lay Out Your
Foundations
2
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g
Dev ...
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g
Dev ...
Enable CSV &
Programmatic Access
Billing
Preferences
Billing settings
Master Account
aws.invoices@mycompany.com	
  
Division B
admin@divisionB.com	
  
User2	
  
Dev2	
  
Admin2	
  
IAM
Master Account
aws.invoices@mycompany.com	
  
consoli...
Division B
admin@divisionB.com	
  
User2	
  
Dev2	
  
Admin2	
  
IAM
Tags:
Own=Div	
  
Proj=P	
  
Tags:
Own=Div	
  
Proj=Q...
Operating Co. A
admin@opcoa.com	
  
User1	
  
Dev1	
  
Admin1	
  
IAM
Tags:
Own=OpCo	
  
Proj=A	
  
Tags:
Own=OpCo	
  
Pro...
Operating Co. A
admin@opcoa.com	
  
User1	
  
Dev1	
  
Admin1	
  
IAM
Tags:
Own=OpCo	
  
Proj=A	
  
Tags:
Own=OpCo	
  
Pro...
Master Account
aws.invoices@mycompany.com	
  
consolidated billing information
Programmatic billing access
S3 CSV
Operatin...
Master Account
aws.invoices@mycompany.com	
  
consolidated billing information
Programmatic billing access
S3 CSV
Operatin...
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g
Dev ...
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g
Dev ...
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g
Dev ...
Account
Administrators Developers Applications
Bob
Kevin
Tomcat
Jim Brad
Mark
Susan
Reporting
Console
Identity & access ma...
Account
Administrators Developers Applications
Bob
Kevin
Tomcat
Jim Brad
Mark
Susan
Reporting
Console
Multi-factor authent...
AWS system entitlements
RolesAccount
Administrators Developers Applications
Bob
Kevin
Tomcat
Jim Brad
Mark
Susan
Reporting...
IAM policies
{	
  
	
  	
  "Statement":	
  [	
  
	
  	
  	
  	
  {	
  
	
  	
  	
  	
  	
  	
  "Effect":	
  "Allow",	
  
	...
3
Think security
Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge Location...
Understand your customer & form security stance
Leverage shared security model
Understand your customer & form security stance
Leverage shared security model
Your certifications Your processes
Penetrat...
Understand your customer & form security stance
Leverage shared security model
IAM
Administration
Architecture
Internal
au...
Understand your customer & form security stance
Leverage shared security model
IAM
Administration
Architecture
Internal
au...
Understand your customer & form security stance
Engage with security assessors early in adoption cycle
Leverage shared sec...
Understand your customer & form security stance
Engage with security assessors early in adoption cycle
Use comprehensive m...
Understand your customer & form security stance
Engage with security assessors early in adoption cycle
Use comprehensive m...
Build upon AWS features
IAM
Control users and allow AWS to
manage credentials in running
instances for service access
(all...
Architect to use cloud
strengths
4
Architect to use cloud strengths
e.g. Application performance improvement by migration of static content to S3/CloudFront
...
1 Create instance for your OS choice
2 Configure environment
3 Install software
4 Create AMI from instance
5 Launch fully ...
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping
hostname
instance-action
instance-id
Instance-type
kernel-i...
+ user data
Scripts in user-data field of metadata will be executed on launch
e.g.
http://169.254.169.254/latest/meta-data...
+ user data
Scripts in user-data field of metadata will be executed on launch
http://169.254.169.254/latest/meta-data
Meta...
1.  Use multiple availability
zones
2.  Use RDS with replicas
and slaves
3.  Use auto-scaling
groups
4.  Use Elastic Load
Balancing
5.  Use Route53 to host
DNS zones
Use at regional level
Combined with autoscaling will
balance requests and resource
capacity across availability zones
With...
Services not software
5
AWS
Cloud-Based
Infrastructure & Services
Your
Business
More Time to Focus on
Your Business
Configuring Your
Cloud Assets
...
Relational Database Service
Database-as-a-Service
No need to install or manage database instances
Scalable and fault toler...
Amazon SQS
Processing task/
processing trigger
Processing results
Amazon SQS
Reliable, highly scalable, queue service
for ...
Cloud Search
Elastic search engine based upon
Amazon A9 search engine
Fully managed service with
sophisticated feature set...
Be elastic and cost
optimized
6
Be elastic and cost optimized
Scalability
Availability
Cost Optimization
Elastic Load Balancing Auto-scaling policies
Inst...
Manually
Send an API call or use CLI to
launch/terminate instances –
Only need to specify capacity
change (+/-)
By Schedul...
Manually
Send an API call or use CLI to
launch/terminate instances –
Only need to specify capacity
change (+/-)
By Schedul...
Unix/Linux instances start at $0.02/
hour
Pay as you go for compute power
Low cost and flexibility
Pay only for what you u...
Use frameworks
7
Compute
Storage
Security
Scaling
Database
Networking
Monitoring
Messaging
Workflow
DNS
Load Balancing
BackupCDN
Everything...
Quickly deploy and manage apps in AWS…
Elastic
Beanstalk
CloudFormationOpsWorks
CloudFormation components & terminology
Template
CloudFormation
Stack
JSON formatted file
Parameter definition
Resource cr...
Powerful management framework with Chef support
Stack Layers Management
Managed
environment
Definition of environment
such...
Get supported
8
Basic
Developer
Business
Enterprise
Offering
24x7x365 ✓
Forum Access ✓
Documentation ✓
Access to support Support for
Healt...
Basic
Developer
Business
Enterprise
Offering
24x7x365 ✓
Forum Access ✓
Documentation ✓
Access to support Support for
Healt...
Developer
Basic
Business
Enterprise
Offering
24x7x365 ✓
Forum Access ✓
Documentation ✓
Access to support Email
Named Conta...
Business
Basic
Developer
Enterprise
Offering
24x7x365 ✓
Forum Access ✓
Documentation ✓
Access to support Phone, Chat, Emai...
Enterprise
Basic
Developer
Business
Offering
24x7x365 ✓
Forum Access ✓
Documentation ✓
Access to support Phone, Chat, Emai...
Trusted advisor
Security Fault Tolerance Cost Optimization
Open ports in Security Groups
World access (/0 CIDR)
IAM use
EBS snapshot age
E...
3rd party software
Operating Systems 3rd Party Software
3rd Party Software Support Enhancements
Operating Systems including:
Ubuntu Linux
Red...
Summary
Next Steps
Choose your use case well
Organize your environments
Think security
Architect to cloud strengths
Services not software
Be ...
AWS Training & Certification
CerEficaEon	
  
aws.amazon.com/cerKficaKon	
  
Demonstrate	
  your	
  skills,	
  
knowledge,	
 ...
Join us for
AWS CloudSchool
Dublin
July 15
#AWS #CloudSchool
We typically see customers start by trying our services
Get	
  started	
  now	
  at	
  :	
  aws.amazon.com/gecng-­‐started...
Design your application for the AWS Cloud
More	
  details	
  on	
  the	
  AWS	
  Architecture	
  Center	
  at	
  :	
  aws....
AWS RoadShow Dublin
Ian Massingham - Technical Evangelist
11 June 2014
@AWS_UKI for local AWS events & news
@AWScloud for Global AWS News and Announcements
©Amazon.com,	
  Inc.	
  and	
  its	
 ...
AWS RoadShow Dublin
AWS RoadShow Dublin
Upcoming SlideShare
Loading in …5
×

AWS RoadShow Dublin

1,201 views

Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

AWS RoadShow Dublin

  1. 1. Welcome to AWS RoadShow Dublin @AWScloud @AWS_UKI
  2. 2. AWS RoadShow Dublin Ian Massingham - Technical Evangelist 11 June 2014
  3. 3. What will we cover this morning? 09:30 Registration 10:00 An Introduction to AWS 10:45 Skill Pages & AWS 11:00 Break 11:15 Tricks & Tips for Getting Started with AWS
  4. 4. What is AWS? Ian  Massingham  -­‐  Technical  Evangelist   @IanMmmm  
  5. 5. background
  6. 6. Deep experience in building and operating global web scale systems About Amazon Web Services ? …get into cloud computing? How did Amazon…
  7. 7. Consumer Business Tens of millions of active customer accounts 8 countries: US, UK, Germany, Japan, France, Canada, China, Italy Seller Business Sell on Amazon websites Use Amazon technology for your own retail website Leverage Amazon’s massive fulfillment center network IT Infrastructure Business Cloud computing infrastructure for hosting web-scale solutions Hundreds of thousands of registered customers in over 190 countries
  8. 8. AWS Mission Enable businesses and developers to use web services* to build scalable, sophisticated applications. *What people now call “the cloud”
  9. 9. Not excess capacity!
  10. 10. Not excess capacity! Startups on AWS Find out more at : aws.amazon.com/solutions/case-studies
  11. 11. Powering the Most Popular Internet Businesses Find out more at : aws.amazon.com/solutions/case-studies Enterprises on AWS Find out more at : aws.amazon.com/solutions/case-studies
  12. 12. Each day AWS adds the equivalent server capacity to power Amazon when it was a global, $7B enterprise
  13. 13. Objects in S3 Trillions of Objects (000,000,000,000s) Servicing over 2 million requests per Second
  14. 14. utility computing
  15. 15. On demand Pay as you go Uniform Available Utility computing
  16. 16. Utility computing On demand Pay as you go Available Uniform
  17. 17. Utility computing
  18. 18. Utility computing Compute   Storage   Security   Scaling   Database   Networking   Monitoring   Messaging   Workflow   DNS   Load  Balancing   Backup  CDN   On demand Pay as you go Uniform Available
  19. 19. On  a  global  footprint   Region US-WEST (N. California) EU-WEST (Ireland) ASIA PAC (Tokyo) ASIA PAC (Singapore) US-WEST (Oregon) SOUTH AMERICA (Sao Paulo) US-EAST (Virginia) GOV CLOUD ASIA PAC (Sydney)
  20. 20. At the end of a web service aws ec2 run-instances --image-id ami-a813fadf --count 3 --placement AvailabilityZone=eu-west-1a --instance-type m1.small aws ec2 run-instances --image-id ami-a813fadf --count 5 --placement AvailabilityZone=eu-west-1c --instance-type m1.medium
  21. 21. and a rich Management Console
  22. 22. elasticity
  23. 23. Traditional IT capacity Elastic capacity Capacity Time Your IT needs
  24. 24. On  and  Off   Fast  Growth   Variable  peaks   Predictable  peaks   Elastic capacity
  25. 25. Elastic capacity On and Off Fast Growth Predictable peaksVariable peaks WASTE CUSTOMER DISSATISFACTION
  26. 26. Elastic capacity Fast GrowthOn and Off Predictable peaksVariable peaks
  27. 27. From one instance…
  28. 28. …to thousands
  29. 29. and back…
  30. 30. exploiting elasticity
  31. 31. Sunday Monday Tuesday Wednesday Thursday Friday Saturday Typical weekly traffic to Amazon.com
  32. 32. November traffic to Amazon.com November
  33. 33. November traffic to Amazon.com Provisioned capacity November
  34. 34. November traffic to Amazon.com 76% 24% Provisioned capacity November
  35. 35. November 10th 2010 Turned off last physical web server of Amazon.com
  36. 36. November 10th 2010 Turned off last physical web server of Amazon.com October 31st 2011 Turned off last web servers supporting European business
  37. 37. November traffic to Amazon.com November
  38. 38. Building a Top500 HPC Cluster on AWS
  39. 39. the toolbox
  40. 40. Compute Storage AWS Global Infrastructure Database App Services Deployment & Administration Networking Reference Model security
  41. 41. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Global infrastructure Regions An independent collection of AWS resources in a defined geography A solid foundation for meeting location-dependent privacy and compliance requirements
  42. 42. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Global infrastructure Availability Zones Designed as independent failure zones Physically separated within a typical metropolitan region
  43. 43. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Global infrastructure Edge Locations To deliver content to end users with lower latency A global network of edge locations Supports global DNS infrastructure (Route53) and Cloud Front CDN Dallas(2) St.Louis Miami JacksonvilleLos Angeles (2) Palo Alto Seattle Ashburn(3) Newark New York (3) Dublin London(2) Amsterdam (2) Stockholm Frankfurt(2) Paris(2) Singapore(2) Hong Kong (2) Tokyo (2) Sao Paulo South Bend San Jose Osaka Milan Sydney Madrid Seoul Mumbai Chennai
  44. 44. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Networking Direct Connect Dedicated connection to AWS VPN Connection Secure internet connection to AWS Virtual Private Cloud Private, isolated section of the AWS Cloud Route 53 Highly available and scalable Domain Name Service
  45. 45. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Compute Vertical Scaling From $0.02/hr Elastic Compute Cloud (EC2) Basic unit of compute capacity Range of CPU, memory & local disk options 13 Instance types available, from micro to cluster compute Feature   Details   Flexible   Run  windows  or  linux  distribuKons   Scalable   Wide  range  of  instance  types  from  micro  to  cluster  compute   Machine  Images   ConfiguraKons  can  be  saved  as  machine  images  (AMIs)  from  which  new   instances  can  be  created   Full  control   Full  root  or  administrator  rights   Secure   Full  firewall  control  via  Security  Groups   Monitoring   Publishes  metrics  to  Cloud  Watch   Inexpensive   On-­‐demand,  Reserved  and  Spot  instance  types   VM  Import/Export   Import  and  export  VM  images  to  transfer  configuraKons  in  and  out  of  EC2  
  46. 46. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Compute Auto-scaling Automatic provisioning of compute resources based upon demand, configuration or schedule Trigger auto- scaling policy Feature   Details   Control   Define  minimum  and  maximum  instance  pool  sizes  and  when  scaling  and   cool  down  occurs   Integrated  to  CloudWatch   Use  metrics  gathered  by  CloudWatch  to  drive  scaling   Instance  types   Run  auto  scaling  for  on-­‐demand  instances  and  spot.  CompaKble  with  VPC   aws autoscaling create-auto-scaling-group --auto-scaling-group-name MyGroup --launch-configuration-name MyConfig --availability-zones eu-west-1a --min-size 4 --max-size 200
  47. 47. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Compute Elastic Load Balancing Create highly scalable applications Distribute load across EC2 instances in multiple availability zones Feature   Details   Auto-­‐scaling   AutomaKcally  scales  to  handle  request  volume   Available   Load  balance  across  instances  in  mulKple  availability  zones   Health  checks   AutomaKcally  checks  health  of  instances  and  takes  them  in  or  out  of   service   Session  sEckiness   Route  requests  to  the  same  instance   Secure  sockets  layer   Supports  SSL  offload  from  web  and  applicaKon  servers  with  flexible  cipher   support   Monitoring   Publishes  metrics  to  Cloud  Watch  
  48. 48. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Storage S3 - Durable storage, any object 99.999999999% durability of objects Unlimited storage of objects of any type Up to 5TB size per object Feature   Details   Flexible  object  store   Buckets  act  like  drives,  folder  structures  within   Access  control   Granular  control  over  object  permissions   Server-­‐side  encrypEon   256bit  AES  encrypKon  of  objects   MulE-­‐part  uploads   Improved  throughput  &  control   Object  versioning   Archive  old  objects  and  version  new  ones   Object  expiry   AutomaKcally  remove  old  objects   Access  logging   Full  audit  log  of  bucket/object  acKons   Web  content  hosEng   Serve  content  as  web  site  with  built  in  page  handling   NoEficaEons   Receive  noKficaKons  on  key  events   Import/Export   Physical  device  import/export  service  
  49. 49. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Storage Elastic Block Store High performance block storage device 1GB to 1TB in size Mount as drives to instances Feature   Details   High  performance  file  system   Mount  EBS  as  drives  and  format  as  required   Flexible  size   Volumes  from  1GB  to  1TB  in  size   Secure   Private  to  your  instances   Available   Replicated  within  an  Availability  Zone   Backups   Volumes  can  be  snapsho`ed  for  point  in  Kme  restore   Monitoring   Detailed  metrics  captured  via  Cloud  Watch  
  50. 50. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Database Relational Database Service Database-as-a-Service No need to install or manage database instances Scalable and fault tolerant configurations Feature   Details   PlaMorm  support   Create  MySQL,  PostgreSQL,  Microsob  SQL  Server  and  Oracle  RDBMS   Preconfigured   Get  started  instantly  with  sensible  default  secngs   Automated  patching   Keep  your  database  plaeorm  up  to  date  automaKcally   Backups   AutomaKc  backups  and  point  in  Kme  recovery  and  full  DB  backups   Backups   Volumes  can  be  snapsho`ed  for  point  in  Kme  restore   Failover   Automated  failover  to  slave  hosts  in  event  of  a  failure   ReplicaEon   Easily  create  read-­‐replicas  of  your  data  and  seamlessly  replicate  data   across  availability  zones  
  51. 51. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Database Amazon  RelaKonal  Database  Service  (Amazon  RDS)   databases  stores  forum  threads,  site  content,  and   project  configuraKon  data.       High  availability  MulE-­‐AZ  database  deployment  to   handle  live  game  metadata  and  user-­‐generated   content.       Enterprise-­‐grade  fault  tolerance  for  protecKng   customer  data.       By  managing  Eme-­‐consuming  database   administraEon  tasks,  Amazon  RDS  allows  SEGA  to   focus  on  business  criKcal  applicaKons.  
  52. 52. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Database DynamoDB Provisioned throughput NoSQL database Fast, predictable performance Fully distributed, fault tolerant architecture Feature   Details   Provisioned  throughput   Dial  up  or  down  provisioned  read/write  capacity   Predictable  performance   Average  single  digit  millisecond  latencies  from  SSD  backed  infrastructure   Strong  consistency   Be  sure  you  are  reading  the  most  up  to  date  values   Fault  tolerant   Data  replicated  across  availability  zones   Monitoring   Integrated  to  Cloud  Watch   Secure   Integrates  with  AWS  IdenKty  and  Access  Management  (IAM)   ElasEc  MapReduce   Integrates  with  ElasKc  MapReduce  for  complex  analyKcs  on  large  datasets  
  53. 53. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Database Redshift Managed Massively Parallel Petabyte Scale Data Warehouse Streaming Backup/Restore to S3 Extensive Security 2 TB -> 1.6 PB RDS Dynamo DB Redshift
  54. 54. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Application Services CloudFront World-wide content distribution network Easily distribute content to end users with low latency, high data transfer speeds, and no commitments. Feature   Details   Fast   MulKple  world-­‐wide  edge  locaKons  to  serve  content  as  close  to  your  users   as  possible   Integrated  with  other  services   Works  seamlessly  with  S3  and  EC2  origin  servers   Dynamic  content   Supports  staKc  and  dynamic  content  from  origin  servers   Streaming   Supports  rtmp  from  S3  and  includes  support  for  live  streaming  from   Adobe  FMS  and  Microsob  Media  Server   London Paris NY Served from S3 /images/* 3 Served from EC2 *.php 2 Single CNAME www.mysite.com 1
  55. 55. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Application Services Amazon SQS Processing task/ processing trigger Processing results Amazon SQS Reliable, highly scalable, queue service for storing messages as they travel between instances Feature   Details   Reliable   Messages  stored  redundantly  across  mulKple  availability  zones   Simple   Simple  APIs  to  send  and  receive  messages   Scalable   Unlimited  number  of  messages   Secure   AuthenKcaKon  of  queues  to  ensure  controlled  access  
  56. 56. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Deployment & Admin Elastic Beanstalk One-click deployment from Eclipse, Visual Studio and Git Rapid deployment of applications All AWS resources automatically created Feature   Details   PlaMorm  support   Containers  for  Java,  .net  and  PHP   Resource  creaEon   Creates  load  balancer,  instances,  autoscaling  and  monitoring   automaKcally   Monitoring  &  Logs   Integrated  with  Cloud  Watch  and  consolidates  server  logs   Versioning   Manage  versions  of  applicaKons  and  easily  rollback  deployments   NoEficaEons   Receive  alerts  on  key  events   Full  resource  access   Access  all  underlying  AWS  resources  as  necessary  
  57. 57. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Deployment & Admin OpsWorks DevOps focused managed application stacks Underlying Chef recipes allow for complete customisation Feature   Details   PlaMorm  support   Chef  recipes  allows  for  community  expansion  for  plaeorm  components   such  as  Solr,  NgniX  etc   Resource  creaEon   Customizable  deployments,  rollback,  parKal  deployments,  patch   management,  automaKc  instance  scaling,  and  auto  healing   Layered   Manage  logical  applicaKon  layers  and  combine  into  stacks.  
  58. 58. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Cloud Formation Automate creation of ‘stacks’ in a repeatable way Scripting framework for AWS resource creation Feature   Details   PlaMorm  support   Support  for  AWS  resources  from  EC2  to  IAM   Resource  creaEon   Creates  AWS  resources  behind  the  scenes  and  reports  on  progress   DeclaraEve   Specify  stacks  in  JSON  format  and  source  control  your  environments   Customizable   Drive  stack  creaKon  with  parameters   Deployment & Admin
  59. 59. Compute   Storage   AWS  Global  Infrastructure   Database   App  Services   Deployment  &  AdministraKon   Networking   Deployment & Admin Identity & Access Management Granular control of user rights with AWS Automated granting of EC2 service rights Software Developer Kits Comprehensive support of programming models for using AWS services
  60. 60. + others WorkSpaces Cloud Search Simple Email Service Simple Workflow Service Simple Notification Service ElastiCache (Memcache & Redis) Elastic MapReduce CloudWatch …and more to come!
  61. 61. security & compliance
  62. 62. Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Amazon Shared responsibility
  63. 63. Foundation Services Compute Storage Database Networking Client-side Data Encryption & Data Integrity Authentication Server-side Encryption (File System and/or Data) Network Traffic Protection (Encryption/Integrity/Identity) Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer Data Amazon Shared responsibility You AWS Global Infrastructure Regions Availability Zones Edge Locations
  64. 64. Certifications SOC 1 Type 2 (formerly SAS-70) ISO 27001 PCI DSS for EC2, S3, EBS, VPC, RDS, ELB, IAM FISMA Moderate Compliant Controls HIPAA & ITAR Compliant Architecture Physical Security Datacenters in nondescript facilities Physical access strictly controlled Must pass two-factor authentication at least twice for floor access Physical access logged and audited HW, SW, Network Systematic change management Phased updates deployment Safe storage decommission Automated monitoring and self- audit Advanced network protection Security standards http://aws.amazon.com/security
  65. 65. Redefining the Labour Market Mike McCarthy, CTO SkillPages AWS Roadshow Dublin
  66. 66. One Place to Find Skilled People Find Skilled People! ! for anything you need done Get Found! by people who need your skills Collaborate! with skilled people globally
  67. 67. Challenges Focus on building the best product for our users avoid overhead of building out core infrastructure ScalabilityFunction Resources Time
  68. 68. ElastiCache Redshift Data warehouse Amazon RDS DynamoDB Counters & Flags EC2 Servers, Hive, Hadoop Elastic Beanstalk Load based Scaling SWF Workflow Engines EMR Big Data Processing CloudWatch Monitoring & Performance Mgt SNS Push Notifications CloudFront Content Delivery Mechanical Turk Crowd sourced Moderation Tasks SQS Message Queue S3 Storage ElastiCache Memecache/ Redis
  69. 69. SkillPages serves over 23,000,000 registered users
  70. 70. Presenting over 400,000 people with new work opportunities daily
  71. 71. Scaled to support over 665% growth over 2 last years
  72. 72. Platform processes over 2,500,000,000 network data points daily
  73. 73. Typically handle 150,000,000 messages per month
  74. 74. Built and supported by just 20 Engineers
  75. 75. Benefits Realised ü Robust Infrastructure ü Flexibility ü Cost Effective ü Expanding Service Offering ü Excellent support & engagement
  76. 76. Visit us at www.skillpages.com Try a €139 business job posting for free with coupon AWSDUB611 at checkout
  77. 77. Best practices for getting started with AWS Ian Massingham – Technical Evangelist @IanMmmm
  78. 78. 8 things you should know Where you should start Things to do up front
  79. 79. Choose your use case well 1
  80. 80. Choose use case that suits you Make your first project a S.M.A.R.T one
  81. 81. Choose use case that suits you Dev & Test Spin environments up and down on demand Decouple development and test environments from operations constraints Explore elasticity in a sandboxed environment Make your first project a S.M.A.R.T one
  82. 82. Dev & Test Spin environments up and down on demand Decouple development and test environments from operations constraints Explore elasticity in a sandboxed environment Backup & DR Take part of your data or business applications step- by- step into non-production DR use Understand cloud dynamics and test during controlled failovers Choose use case that suits you Make your first project a S.M.A.R.T one
  83. 83. Dev & Test Spin environments up and down on demand Decouple development and test environments from operations constraints Explore elasticity in a sandboxed environment Backup & DR Take part of your data or business applications step- by- step into non-production DR use Understand cloud dynamics and test during controlled failovers Greenfield Project Embody best practice of cloud computing in unconstrained greenfield projects Self contained web projects, document archiving etc Choose use case that suits you Make your first project a S.M.A.R.T one
  84. 84. Dev & Test Spin environments up and down on demand Decouple development and test environments from operations constraints Explore elasticity in a sandboxed environment Backup & DR Take part of your data or business applications step- by- step into non-production DR use Understand cloud dynamics and test during controlled failovers Greenfield Project Embody best practice of cloud computing in unconstrained greenfield projects Self contained web projects, document archiving etc Pain Point Move specific service aspects causing undue cost or management burden Workflows, search indexing, media streaming, document archiving, constrained databases Choose use case that suits you Make your first project a S.M.A.R.T one
  85. 85. PoC Production Automation Understand services Test performance Architect for scale Build cross functional team capabilities Implement monitoring Change control and management Security management Scalability Automate corrective measures Auto-scaling Zero downtime deployments System backup and recovery Examples Plan evolution & set goals
  86. 86. PoC Production Automation Understand services Test performance Architect for scale Build cross functional team capabilities Implement monitoring Change control and management Security management Scalability Automate corrective measures Auto-scaling Zero downtime deployments System backup and recovery Examples Plan evolution & set goals Beanstalk Beanstalk Cloud Formation Cloud Watch IAM APIs CLI Auto scaling
  87. 87. Lay Out Your Foundations 2
  88. 88. Create an account structure that makes sense Use accounts like environments where you need separation and control e.g Dev Sandboxes Test Environments Business Units Products & Services Lay Out Your Foundations Accounts
  89. 89. Create an account structure that makes sense Use accounts like environments where you need separation and control e.g Dev Sandboxes Test Environments Business Units Products & Services Control access to billing information Use IAM users to keep billing information in the master account Consolidate billing into a single account Let one account pick up the bill for multiple ‘sub accounts’ Setup billing alerts and automated bill reporting Get CloudWatch notifications when billing reaches a point and output csv reports to S3 for analysis Accounts Billing Lay Out Your Foundations
  90. 90. Enable CSV & Programmatic Access Billing Preferences Billing settings
  91. 91. Master Account aws.invoices@mycompany.com  
  92. 92. Division B admin@divisionB.com   User2   Dev2   Admin2   IAM Master Account aws.invoices@mycompany.com   consolidated billing information
  93. 93. Division B admin@divisionB.com   User2   Dev2   Admin2   IAM Tags: Own=Div   Proj=P   Tags: Own=Div   Proj=Q   Tags: Own=Div   Proj=R   Master Account aws.invoices@mycompany.com   consolidated billing information Tags: (key-value) e.g Own=Div   Proj=R  
  94. 94. Operating Co. A admin@opcoa.com   User1   Dev1   Admin1   IAM Tags: Own=OpCo   Proj=A   Tags: Own=OpCo   Proj=B   Tags: Own=OpCo   Proj=C   Division B admin@divisionB.com   User2   Dev2   Admin2   IAM Tags: Own=Div   Proj=P   Tags: Own=Div   Proj=Q   Tags: Own=Div   Proj=R   Business Unit C admin@busUnitC.com   User3   Dev3   Admin3   IAM Tags: Own=BusC   Proj=X   Tags: Own=BusC   Proj=Y   Tags: Own=BusC   Proj=Z   Master Account aws.invoices@mycompany.com   consolidated billing information
  95. 95. Operating Co. A admin@opcoa.com   User1   Dev1   Admin1   IAM Tags: Own=OpCo   Proj=A   Tags: Own=OpCo   Proj=B   Tags: Own=OpCo   Proj=C   Division B admin@divisionB.com   User2   Dev2   Admin2   IAM Tags: Own=Div   Proj=P   Tags: Own=Div   Proj=Q   Tags: Own=Div   Proj=R   Business Unit C admin@busUnitC.com   User3   Dev3   Admin3   IAM Tags: Own=BusC   Proj=X   Tags: Own=BusC   Proj=Y   Tags: Own=BusC   Proj=Z   Master Account aws.invoices@mycompany.com   consolidated billing information
  96. 96. Master Account aws.invoices@mycompany.com   consolidated billing information Programmatic billing access S3 CSV Operating Co. A admin@opcoa.com   User1   Dev1   Admin1   IAM Tags: Own=OpCo   Proj=A   Tags: Own=OpCo   Proj=B   Tags: Own=OpCo   Proj=C   Division B admin@divisionB.com   User2   Dev2   Admin2   IAM Tags: Own=Div   Proj=P   Tags: Own=Div   Proj=Q   Tags: Own=Div   Proj=R   Business Unit C admin@busUnitC.com   User3   Dev3   Admin3   IAM Tags: Own=BusC   Proj=X   Tags: Own=BusC   Proj=Y   Tags: Own=BusC   Proj=Z  
  97. 97. Master Account aws.invoices@mycompany.com   consolidated billing information Programmatic billing access S3 CSV Operating Co. A admin@opcoa.com   User1   Dev1   Admin1   IAM Tags: Own=OpCo   Proj=A   Tags: Own=OpCo   Proj=B   Tags: Own=OpCo   Proj=C   Division B admin@divisionB.com   User2   Dev2   Admin2   IAM Tags: Own=Div   Proj=P   Tags: Own=Div   Proj=Q   Tags: Own=Div   Proj=R   Business Unit C admin@busUnitC.com   User3   Dev3   Admin3   IAM Tags: Own=BusC   Proj=X   Tags: Own=BusC   Proj=Y   Tags: Own=BusC   Proj=Z  
  98. 98. Create an account structure that makes sense Use accounts like environments where you need separation and control e.g Dev Sandboxes Test Environments Business Units Products & Services Control access to billing information Use IAM users to keep billing information in the master account Consolidate billing into a single account Let one account pick up the bill for multiple ‘sub accounts’ Setup billing alerts and automated bill reporting Get CloudWatch notifications when billing reaches a point and output csv reports to S3 for analysis Accounts Billing Lay Out Your Foundations
  99. 99. Create an account structure that makes sense Use accounts like environments where you need separation and control e.g Dev Sandboxes Test Environments Business Units Products & Services Control access to billing information Use IAM users to keep billing information in the master account Consolidate billing into a single account Let one account pick up the bill for multiple ‘sub accounts’ Setup billing alerts and automated bill reporting Get CloudWatch notifications when billing reaches a point and output csv reports to S3 for analysis Decide upon a key management strategy Control access to EC2 instances via SSH and embedded public key: e.g. EC2 Key Pair per group of instances, EC2 Key Pair per account Consider SSH key rotation & automation Limit exposure to private key compromise by rotating keys and replacing authorized_keys listings on running instances Consider bootstrap automation to grant developer access with developer unique keypairs Accounts Billing Access Keys Lay Out Your Foundations
  100. 100. Create an account structure that makes sense Use accounts like environments where you need separation and control e.g Dev Sandboxes Test Environments Business Units Products & Services Control access to billing information Use IAM users to keep billing information in the master account Consolidate billing into a single account Let one account pick up the bill for multiple ‘sub accounts’ Setup billing alerts and automated bill reporting Get CloudWatch notifications when billing reaches a point and output csv reports to S3 for analysis Decide upon a key management strategy Control access to EC2 instances via SSH and embedded public key: e.g. EC2 Key Pair per group of instances, EC2 Key Pair per account Consider SSH key rotation & automation Limit exposure to private key compromise by rotating keys and replacing authorized_keys listings on running instances Consider bootstrap automation to grant developer access with developer unique keypairs Accounts Billing Access Keys Use IAM Groups to manage console users and API access Provide developers with IAM user login and unique API access credentials Control & restrict what IAM users can do by placing them in groups with policies Assign EC2 Instances IAM roles Let AWS manage API access credentials on running instances by assigning a system entitlement to an instance e.g instance can only read S3 bucket Groups & Roles Lay Out Your Foundations
  101. 101. Account Administrators Developers Applications Bob Kevin Tomcat Jim Brad Mark Susan Reporting Console Identity & access management
  102. 102. Account Administrators Developers Applications Bob Kevin Tomcat Jim Brad Mark Susan Reporting Console Multi-factor authentication Groups Identity & access management
  103. 103. AWS system entitlements RolesAccount Administrators Developers Applications Bob Kevin Tomcat Jim Brad Mark Susan Reporting Console Multi-factor authentication Groups Identity & access management
  104. 104. IAM policies {      "Statement":  [          {              "Effect":  "Allow",              "Action":  [                  "elasticbeanstalk:*",                  "ec2:*",                  "elasticloadbalancing:*",                  "autoscaling:*",                  "cloudwatch:*",                  "s3:*",                  "sns:*"              ],              "Resource":  "*"          }      ]   }   Policy driven Declarative definition of rights for groups Policies control access to AWS APIs
  105. 105. 3 Think security
  106. 106. Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption & Data Integrity Authentication Server-side Encryption (File System and/or Data) Network Traffic Protection (Encryption/Integrity/Identity) Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer Data AmazonYou Shared responsibility
  107. 107. Understand your customer & form security stance Leverage shared security model
  108. 108. Understand your customer & form security stance Leverage shared security model Your certifications Your processes Penetration test requests External audience
  109. 109. Understand your customer & form security stance Leverage shared security model IAM Administration Architecture Internal audience Your certifications Your processes Penetration test requests External audience
  110. 110. Understand your customer & form security stance Leverage shared security model IAM Administration Architecture Internal audience Your certifications Your processes Penetration test requests External audience AWS Certifications AWS White Papers AWS QSA Process Regulated audience
  111. 111. Understand your customer & form security stance Engage with security assessors early in adoption cycle Leverage shared security model Don’t fear assessment – AWS meets high standards (PCI, ISO27001, SOC2…) As with any infrastructure provider, security assessments take time Derive value from architecture reviews early in deployment cycle
  112. 112. Understand your customer & form security stance Engage with security assessors early in adoption cycle Use comprehensive materials and certifications provided by AWS Leverage shared security model http://aws.amazon.com/security/ Risk and compliance paper AWS security processes paper CSA consensus assessments initiative questionnaire
  113. 113. Understand your customer & form security stance Engage with security assessors early in adoption cycle Use comprehensive materials and certifications provided by AWS Build upon features of AWS and implement a ‘security by design’ environment Leverage shared security model
  114. 114. Build upon AWS features IAM Control users and allow AWS to manage credentials in running instances for service access (allocation, rotation) APIs vs Instance Provide developer API credentials and control access to SSH keys Temporary Credentials Provide developer API credentials and control access to SSH keys Instance firewalls Firewall control on instances via Security Groups CLIs and APIs Instantly audit your entire AWS infrastructure from scriptable APIs – generate an on-demand IT inventory enabled by programmatic nature of AWS Subnet control Create low level networking constraints for resource access, such as public and private subnets, internet gateways and NATs Bastion hosts Only allow access for management of production resources from a bastion host. Turn off when not needed Tiered Access Security Groups VPC Private connections to VPC Secured access to resources in AWS over software or hardware VPN and dedicated network links Direct Connect & VPN
  115. 115. Architect to use cloud strengths 4
  116. 116. Architect to use cloud strengths e.g. Application performance improvement by migration of static content to S3/CloudFront Review application architectures early – assess fit for cloud Can cloud benefits be leveraged with minimum effort outlay? e.g. variable capacity requirements, ‘standard’ technology stacks, reference architectures* *http://aws.amazon.com/architecture ? ? ? ? e.g. Faster development cycles for dev/test, reduced cap-ex for application environments Will cloud yield cost savings & agility improvements? e.g. fully scripted deployments, IAM & EC2 instance roles, rolling deployments Can automation lead to a more agile & secure service?
  117. 117. 1 Create instance for your OS choice 2 Configure environment 3 Install software 4 Create AMI from instance 5 Launch fully configured instances from AMI Bootstrapping – custom AMIs AMI Custom machine image Instance Auto-scaling Manual deployments Programmatic deployments
  118. 118. ami-id ami-launch-index ami-manifest-path block-device-mapping hostname instance-action instance-id Instance-type kernel-id local-hostname local-ipv4 mac network placement profile public-hostname public-ipv4 public-keys reservation-id http://169.254.169.254/latest/meta-data Metadata service contains wealth of information about an instance Bootstrapping – metadata service AMI Instance Metadata Service Receive custom data to drive bootstrapping Custom or standard machine image
  119. 119. + user data Scripts in user-data field of metadata will be executed on launch e.g. http://169.254.169.254/latest/meta-data Metadata service contains wealth of information about an instance #!/bin/sh   yum  -­‐y  install  httpd   chkconfig  httpd  on   /etc/init.d/httpd  start   <powershell>    …   </powershell>   Or: AMI Instance Metadata Service Receive custom data to drive bootstrapping Bootstrapping – metadata service Custom or standard machine image
  120. 120. + user data Scripts in user-data field of metadata will be executed on launch http://169.254.169.254/latest/meta-data Metadata service contains wealth of information about an instance AMI Instance Metadata Service Receive custom data to drive bootstrapping Bootstrapping – metadata service Install software e.g. web server, app server, proxy Pull data and application packages from S3 Publish metadata for instance to other systems e.g. monitoring systems Setup security profile of instance based upon intended use e.g. pull latest config Custom or standard machine image
  121. 121. 1.  Use multiple availability zones
  122. 122. 2.  Use RDS with replicas and slaves
  123. 123. 3.  Use auto-scaling groups
  124. 124. 4.  Use Elastic Load Balancing
  125. 125. 5.  Use Route53 to host DNS zones
  126. 126. Use at regional level Combined with autoscaling will balance requests and resource capacity across availability zones Within VPC Use to loadbalance between application tiers within an availability zone Instance migrations Easily move instances from dev environments to test environments by moving between ELBs Leverage SLA Improve application reliability with Route 53’s SLA on requests served Weighted routing Perform A/B analysis, and staged application roll-outs by moving a portion of traffic to new infrastructure Control TTLs and updates Take absolute control of DNS updates for more decisive system updates Scale databases without admin overhead Choose instance size for databases and scale up over time Add high availability from management console Create master-slave configurations and read-replicas. AWS takes care of the failover and recreation of a new slave in event of master DB loss Elastic Load Balancing Route 53 RDS Dynamically scale resources & control costs Only provision the resources that are required with scale up and cool down policies that match demand Auto-scaling Architect to use cloud strengths Find out more at: aws.amazon.com/architecture
  127. 127. Services not software 5
  128. 128. AWS Cloud-Based Infrastructure & Services Your Business More Time to Focus on Your Business Configuring Your Cloud Assets 70% 30%70% Self Managed Software & Infrastructure 30% Managing All of the “Undifferentiated Heavy Lifting” Services not software
  129. 129. Relational Database Service Database-as-a-Service No need to install or manage database instances Scalable and fault tolerant configurations DynamoDB Provisioned throughput NoSQL database Fast, predictable performance Fully distributed, fault tolerant architecture Services not software Use RDS for databases Use DynamoDB for high performance key- value DB
  130. 130. Amazon SQS Processing task/ processing trigger Processing results Amazon SQS Reliable, highly scalable, queue service for storing messages as they travel between instances Services not software Task A Task B (Auto-scaling) Task C 2 3 1 Simple Workflow Reliably coordinate processing steps across applications Integrate AWS and non-AWS resources Manage distributed state in complex systems Push inter-process workflows into the cloud with SWF Reliable message queuing without additional software
  131. 131. Cloud Search Elastic search engine based upon Amazon A9 search engine Fully managed service with sophisticated feature set Scales automatically Document Server Results Search Server Don’t install search software, use CloudSearch Services not software Process large volumes of data cost effectively with EMR Elastic MapReduce Elastic Hadoop cluster Integrates with S3 & DynamoDB Leverage Hive & Pig analytics scripts Integrates with instance types such as spot
  132. 132. Be elastic and cost optimized 6
  133. 133. Be elastic and cost optimized Scalability Availability Cost Optimization Elastic Load Balancing Auto-scaling policies Instance types and sizes
  134. 134. Manually Send an API call or use CLI to launch/terminate instances – Only need to specify capacity change (+/-) By Schedule Scale up/down based on date and time By Policy Scale in response to changing conditions, based on user configured real-time monitoring and alerts Auto-Rebalance Instances are automatically launched/terminated to ensure the application is balanced across multiple Azs Auto-scaling policies
  135. 135. Manually Send an API call or use CLI to launch/terminate instances – Only need to specify capacity change (+/-) By Schedule Scale up/down based on date and time By Policy Scale in response to changing conditions, based on user configured real-time monitoring and alerts Auto-Rebalance Instances are automatically launched/terminated to ensure the application is balanced across multiple Azs Auto-scaling policies Preemptive manual scaling of capacity e.g. before a marketing event add 10 more instances Regular scaling up and down of instances e.g. scale from 0 to 2 to process SQS messages every night or double capacity on a Friday night Dynamic scale based upon custom metrics e.g. SQS queue depth, Average CPU load, ELB latency Maintain capacity across availability zones e.g. Instance availability maintained in event of AZ becoming unavailable
  136. 136. Unix/Linux instances start at $0.02/ hour Pay as you go for compute power Low cost and flexibility Pay only for what you use, no up-front commitments or long-term contracts Use Cases: Applications with short term, spiky, or unpredictable workloads; Application development or testing On-demand instances 1- or 3-year terms Pay low up-front fee, receive significant hourly discount Low Cost / Predictability Helps ensure compute capacity is available when needed Use Cases: Applications with steady state or predictable usage Applications that require reserved capacity, including disaster recovery Reserved instances Bid on unused EC2 capacity Spot Price based on supply/demand, determined automatically Cost / Large Scale, dynamic workload handling Use Cases: Applications with flexible start and end times Applications only feasible at very low compute prices Spot instances Instance types
  137. 137. Use frameworks 7
  138. 138. Compute Storage Security Scaling Database Networking Monitoring Messaging Workflow DNS Load Balancing BackupCDN Everything is programmable Access everything via CLI, API or Console Achieve the highest levels of automation sophistication with ease Find out more at: aws.amazon.com/developers/getting-started/
  139. 139. Quickly deploy and manage apps in AWS… Elastic Beanstalk CloudFormationOpsWorks
  140. 140. CloudFormation components & terminology Template CloudFormation Stack JSON formatted file Parameter definition Resource creation Configuration actions Configured AWS services Comprehensive service support Service event aware Customisable Framework Stack creation Stack updates Error detection and rollback Elastic Beanstalk CloudFormationOpsWorks
  141. 141. Powerful management framework with Chef support Stack Layers Management Managed environment Definition of environment such as production or test Management services Scaling, cloning, user access, self healing Collection of resources Blueprint for a collection of resources (instances, EBS, EIPs etc) Apps Your application assets Resources to deploy and run in layers Elastic Beanstalk CloudFormationOpsWorks
  142. 142. Get supported 8
  143. 143. Basic Developer Business Enterprise Offering 24x7x365 ✓ Forum Access ✓ Documentation ✓ Access to support Support for HealthChecks Find out more at: aws.amazon.com/premiumsupport
  144. 144. Basic Developer Business Enterprise Offering 24x7x365 ✓ Forum Access ✓ Documentation ✓ Access to support Support for HealthChecks Find out more at: aws.amazon.com/premiumsupport
  145. 145. Developer Basic Business Enterprise Offering 24x7x365 ✓ Forum Access ✓ Documentation ✓ Access to support Email Named Contacts 1 Fastest Response Time 12 Hours Architecture Support Building Blocks Best Practice ✓ Diagnostics Tools ✓ Find out more at: aws.amazon.com/premiumsupport
  146. 146. Business Basic Developer Enterprise Offering 24x7x365 ✓ Forum Access ✓ Documentation ✓ Access to support Phone, Chat, Email Named Contacts 5 Fastest Response Time 1 Hour Architecture Support Use Case Guidance Best Practice ✓ Diagnostics Tools ✓ Direct Routing ✓ 3rd Party Software ✓ Trusted Advisor ✓ Find out more at: aws.amazon.com/premiumsupport
  147. 147. Enterprise Basic Developer Business Offering 24x7x365 ✓ Forum Access ✓ Documentation ✓ Access to support Phone, Chat, Email Named Contacts Unlimited Fastest Response Time 15 Minutes Architecture Support Application Architecture Best Practice ✓ Diagnostics Tools ✓ Direct Routing ✓ 3rd Party Software ✓ Trusted Advisor ✓ Direct TAM Access ✓ White Glove Case Handling ✓ Management Business Review ✓ Find out more at: aws.amazon.com/premiumsupport
  148. 148. Trusted advisor
  149. 149. Security Fault Tolerance Cost Optimization Open ports in Security Groups World access (/0 CIDR) IAM use EBS snapshot age ELB Optimization Availability Zones Unused Elastic Ips Underutilized EC2 instances Business and Enterprise Support has been enhanced to include best practice audits via AWS Trusted Advisor Find out more at: aws.amazon.com/premiumsupport/trustedadvisor
  150. 150. 3rd party software
  151. 151. Operating Systems 3rd Party Software 3rd Party Software Support Enhancements Operating Systems including: Ubuntu Linux Red Hat Enterprise Linux and Fedora SUSE Linux (SLES and openSUSE) CentOS Linux Microsoft Windows 2003 R2 Microsoft Windows 2008 Microsoft Windows 2008 R2 Microsoft Windows 2012 Common application stack components including: Amazon SDKs Apache, Nginx and IIS web servers Sendmail & Postfix MTAs SSH, SFTP & FTP Disk Management tools – LVM & Software RAID VPN Solutions – OpenVPN, RRAS Databases – MySQL & SQL Server
  152. 152. Summary Next Steps
  153. 153. Choose your use case well Organize your environments Think security Architect to cloud strengths Services not software Be elastic & cost optimized Use frameworks where appropriate Get supported
  154. 154. AWS Training & Certification CerEficaEon   aws.amazon.com/cerKficaKon   Demonstrate  your  skills,   knowledge,  and  experKse   with  the  AWS  plaeorm   Self-­‐Paced  Labs   aws.amazon.com/training/   self-­‐paced-­‐labs   Try  products,  gain  new   skills,  and  get  hands-­‐on   pracKce  working  with  AWS   technologies   aws.amazon.com/training   Training   Skill  up  and  gain  confidence   to  design,  develop,  deploy   and  manage  your   applicaKons  on  AWS  
  155. 155. Join us for AWS CloudSchool Dublin July 15 #AWS #CloudSchool
  156. 156. We typically see customers start by trying our services Get  started  now  at  :  aws.amazon.com/gecng-­‐started  
  157. 157. Design your application for the AWS Cloud More  details  on  the  AWS  Architecture  Center  at  :  aws.amazon.com/architecture  
  158. 158. AWS RoadShow Dublin Ian Massingham - Technical Evangelist 11 June 2014
  159. 159. @AWS_UKI for local AWS events & news @AWScloud for Global AWS News and Announcements ©Amazon.com,  Inc.  and  its  affiliates.    All  rights  reserved.   #AWSRoadshow

×